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IN THE CLAIMS 
Amended claims follow: 

1 . (Currently Amended) A method for protecting a computer in an opened share 
mode, comprising: 

(a) running a computer on a network in an opened share mode, wherein the 
opened share mode indicates a file structure parameter and a name parameter 
and applies only to a manually selected list of at least one of application 
programs and data; 

(b) monitoring attempts to access the computer by applications utilizing the 
network, using the file structure and name parameter; 

(c) determining whether the applications attempt to modify the computer; and 

(d) executing a security event in response to any attempt to modify the 
computer^ 

wherein the opened share mode indicates a plurality of parameters that are 
randomly se lected to prevent detection: 

wherein the computer is r un in an actual opened share mode and a virtual 
opened share mode such th at the at least one of application programs and 
data is accessible in the ac tual opened share mode, and attempted access to 
the at least one of applic ation programs and data associated with the virtual 
opened shar ed mode prompts a security process . 

2. (Original) The method as recited in claim I, wherein the opened share mode 
allows other computers on the network to access data stored on the computer. 

3. (Cancelled) 

4. (Currently Amended) The method as recited in claim [3]i, wherein the 
virtual opened share mode indicates to other computers of an ability to write 
to the computer. 
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5. (Original) The method as recited in claim 4, wherein the computer operates 
in the virtual opened share mode by modifying an application program 
interface. 

6. (Original) The method as recited in claim 5, wherein the application program 
interface includes an operating system application program interface. 

7. (Original) The method as recited in claim 5, wherein the application program 
interface includes a network application program interface. 

8. (Cancelled) 

9. (Cancelled) 

10. (Original) The method as recited in claim I, wherein the opened share mode 
applies to each of a plurality of networks of which the computer is a member. 

11. (Cancelled) 

12. (Cancelled) 

13. (Cancelled) 

14. (Original) The method as recited in claim 1 , wherein the computer is run on 
the network in a plurality of opened share modes. 

15. (Original) The method as recited in claim 1, wherein any attempt to modify 
' the computer is utilized in a heuristic analysis for identifying a coordinated 

attack on multiple computers. 
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16. (Original) The method as recited in claim I, wherein attempts to modify the 
computer are tracked. 

1 7. (Original) The method as recited in claim 1 , wherein it is determined whether 
the applications attempt to write to memory in the computer, and the security 
event is executed in response to any attempt to write to memory in the 
computer. 

18. (Original) The method as recited in claim 1, wherein it is determined whether 
the applications attempt to copy a virus to memory in the computer, and the 
security event is executed in response to any attempt to copy the virus to 
memory in the computer. 

19. (Original) The method as recited in claim 1, wherein the security event 
includes logging the computer off the network in response to any attempt to 
modify the computer. 

20. (Original) The method as recited in claim 1, wherein the security event 
includes terminating the application attempting to modify the computer. 

2) . (Original) The method as recited in claim 1, wherein the security event 
includes deleting the application attempting to modify the computer. 

22. (Original) The method as recited in claim 1 s wherein the security event 
includes an alert transmitted via the network. 

23. (Original) The method as recited in claim 22, wherein the alert includes 
information associated with the application attempting to modify the 
computer. 
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24. (Currently Amended) A computer program product for protecting a computer 
in an opened share mode, comprising: 

(a) computer code for running a computer on a network in an opened share 
mode, wherein the opened share mode indicates a file structure parameter 
and a name parameter and applies only to a manually selected list of at least 
one of application programs and data; 

(b) computer code for monitoring attempts to access the computer by 
applications utilizing the network, using the file structure and name 
parameter; 

(c) computer code for determining whether the applications attempt to modify 
the computer; and 

(d) computer code for executing a security event in response to any attempt to 
modify the computer; 

wherein the opened sh are mode indicates a plurality of parameters that are 
randomly selected to prevent detection; 

wherein the computer is run in an actual opened share mode and a virtual 
opened share mode such that the at least one of application programs and 
data is accessible in the actual opened share mode, and attempted access to 
the at least one of applic ation programs and data associated with the virtual 
opened sh ared mode prompts a security process . 

25. (Original) The computer program product as recited in claim 24, wherein the 
network includes the Internet 

26. (Original) The computer program product as recited in claim 24, wherein the 
opened share mode allows other computers on the network to access data 
stored on the computer. 

27. (Cancelled) 
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(Currently Amended) The computer program product as recited in claim 
[27)24, wherein the virtual opened share mode indicates to other computers 
of an ability to write to the computer. 

(Original) The computer program product as recited in claim 28, wherein the 
computer operates in the virtual opened share mode by modifying an 
application program interface. 

(Original) The computer program product as recited in claim 29, wherein the 
application program interface includes an operating system application 
program interface. 

(Original) The computer program product as recited in claim 30, wherein the 
application program interface includes a network application program 
interface. 

(Cancelled) 

(Cancelled) 

(Original) The computer program product as recited in claim 24, wherein the 
opened share mode applies to each of a plurality of networks of which the 
computer is a member. 

35. (Cancel led) 

36. (Cancelled) 

37. (Cancelled) 
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38. (Original) The computer program product as recited in claim 24, wherein the 
computer is run on the network in a plurality of opened share modes. 

39. (Original) The computer program product as recited in claim 24, wherein any 
attempt to modify the computer is utilized in a heuristic analysis for 
identifying a coordinated attack on multiple computers. 

40. (Original) The computer program product as recited in claim 24, wherein 
attempts to modify the computer are tracked. 

41 . (Original) The computer program-product as recited in claim 24, wherein it is 
determined whether the applications attempt to write to memory in the 
computer, and the security event is executed in response to any attempt to 
write to memory in the computer. 

42. (Original) The computer program product as recited in claim 24, wherein it is 
determined whether the applications attempt to copy a virus to memory in 
the computer, and the security event is executed in response to any attempt to 
copy the virus to memory in the computer. 

43. (Original) The computer program product as recited in claim 24, wherein the 
security event includes logging the computer off the network in response to 
any attempt to modify the computer. 

44. (Original) The computer program product as recited in claim 24, wherein the 
security event includes terminating the application attempting to modify the 
computer. 

45. (Original) The computer program product as recited in claim 24, wherein the 
security event includes deleting the application attempting to modify the 
computer. 
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46. (Original) The computer program product as recited in claim 24, wherein the 
security event includes an alert transmitted via the network. 

47. (Original) The computer program product as recited in claim 46, wherein the 
alert includes information associated with the application attempting to 
modify the computer. 

48. (Original) The computer program product as recited in claim 24, wherein at 
least a portion of the computer code resides on a gateway. 

49. (Original) The computer program product as recited in claim 48, wherein the 
security event includes blocking access to the computer. 

50. (Currently Amended) A system for protecting a computer in an opened share 
mode, comprising: 

(a) logic for running a computer on a network in an opened share mode, wherein 
the opened share mode indicates a file structure parameter and a name 
parameter and applies only to a manually selected list of at least one of 
application programs and data; 

(b) logic for monitoring attempts to access the computer by applications utilizing 
the network, using the file structure and name parameter; 

(c) logic for determining whether the applications attempt to modify the 
computer; and 

(d) logic for executing a security event in response to any attempt to modify the 
computer; 

wherein the opened shar e mode indicates a plurality of parameters that are 
randomly selected to prevent detection; 

wherein the computer is run in an actual opened share mode and a virtual 
opened share mode such that the at least one of application programs and 
data is acces sible in the actual opened share mode, and attempted access to 



PACE 15/24 ' RCVD AT 6/2/2005 1:48:47 PM [Eastern Daylight Time] " SVR:USPTO-EFXRF-1/2 * DN1S:8729306 * CSID:408 971 4660 * DURATION (mm-ss): 07-34 



-Jun 02 05 10:52a- 



SVIPG 



408 971 4GG0 



p* 1G 



-9- 

the at least one of application programs and data associated with the virtual 
opened shared mode prompts a security process . 

5 1 . (Currently Amended) A method for protecting a computer in an opened share 
mode, comprising: 

(a) running a computer on a network in a virtual opened share mode and an 
actual opened share mode, wherein the virtual opened share mode allows 
other computers on the network to access predetermined data and programs 
resident on the computer, and indicates to other computers of an ability to 
write to the computer, and the actual opened share mode indicates a file 
structure parameterand a name parameter that are capable of actually being 
accessed by the other computers, and applies only to a manually selected list 
of at least one of application programs and data; 

(b) monitoring attempts to access the computer by applications utilizing the 
network, using, at least in part, the file structure and name parameter; 

(c) determining whether the applications attempt to modify the computer; 

(d) tracking the attempts of the applications to modify the computers; 

(e) transmitting an alert via the network in response to any attempt to modify the 
computer, wherein the alert includes information associated with the 
applications attempting to modify the computer; 

(0 logging the computer off the network in response to any attempt to modify 
the computer; and 

(g) deleting any application attempting to modify the computer; 

(h) wherein any attempt to modify the computer is utilized in a heuristic analysis 
for identifying a coordinated attack on multiple computers; 

(i) wherein (d)-(h) are carried out if it is determined that the applications 
attempt to modify the computer via the virtual opened share mode; and 

_ access is permitted if it is determined that the applications attempt to modify 
the computer via the actual opened share mode- 
wherein the parameters are randomly selected to prevent detection . 
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52. (Currently Amended) A computer program product for protecting a computer 
in an opened share mode, comprising: 

(a) computer code for running a computer on a network in a virtual opened share 
mode and an actual opened share mode, wherein the virtual opened share 
mode allows other computers on the network to access predetermined data 
and programs resident on the computer, and indicates to other computers of 
an ability to write to the computer, and the actual opened share mode 
indicates a file structure parameter and a name parameter that are capable of 
actually being accessed by the other computers, and applies only to a 
manually selected list of at least one of application programs and data; 

(b) computer code for monitoring attempts to access the computer by 
applications utilizing the network, using, at least in part, the file structure and 
name parameter; 

(c) computer code for determining whether the applications attempt to modify 
the computer; 

(d) computer code for tracking the attempts of the applications to modify the 
computers; 

(e) computer code for transmitting an alert via the network in response to any 
attempt to modify the computer, wherein the alert includes information 
associated with the applications attempting to modify the computer; 

(f) computer code for logging the computer off the network in response to any 
attempt to modify the computer; and 

(g) computer code for deleting any application attempting to modify the 
computer; 

(h) wherein any attempt to modify the computer is utilized in a heuristic analysis 
for identifying a coordinated attack on multiple computers; 

(i) wherein (d)-(h) are carried out if it is determined that the applications 
attempt to modify the computer via the virtual opened share mode; and 
access is permitted if it is determined that the applications attempt to modify 
the computer via the actual opened share mode; 

wherein the parameters are randomly selected to prevent detection . 
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53. (Previously Presented) The method as recited in claim 1, wherein the file 
structure includes a tree structure. 

54. (Cancelled) 

55. (Currently Amended) The method as recited in claim [54]I, wherein the 
security process includes temporarily logging off the network, recording in a 
record information on any attempt to modify the computer including time 
and source information, logging the computer back on the network in a mode 
other than the actual opened share mode, transmitting the information to a 
third party, determining whether a trend is found indicative of a coordinated 
attack, and sending an alert and logging a culpable computer off the network 
based on the determination. 



PACE 18/24 * RCVD AT 6/2/2005 1 :48:47 PM [Eastern Daylight Time] * 8VR:USPTO-EFXRF-1/2 " DNI8:8729306 - C8ID:408 971 4660 * DURATION (mm-ss):07-34 



